RADIUS Secret

A RADIUS shared secret is a case-sensitive password used to validate communications between a RADIUS server, such as RSA RADIUS Server, and a RADIUS client, such as an Access Point (AP) or Remote Access Server (RAS). RSA RADIUS Server supports shared secrets of up to 127 alphanumeric characters, including spaces and the following special characters:

~!@#$%^&*()_+\=-‘{}[]:”’;<>?/.,

Identical shared secrets must be configured on both sides of the RADIUS communication link.

NOTE: Not all RAS devices support shared secrets of up to 127 alphanumeric/special characters. You should select shared secrets that are fully supported by RADIUS devices in your network.

Most RADIUS clients allow you to configure different secrets for authentication and accounting. On the server side, the configuration interface allows you to create a list of known RADIUS clients (RAS devices). You should be able to identify the authentication shared secret and accounting shared secret that a server uses to communicate with each of the clients on this list.

During an authentication transaction, password information must be transmitted securely between the RADIUS client (RAS or AP) and the RSA RADIUS Server. RSA RADIUS Server uses the authentication shared secret to encrypt and decrypt password information.

No encryption is involved in transmitting accounting data between a RADIUS client and RADIUS server. However, the accounting shared secret is used by each device to verify that it can “trust” any RADIUS communications it receives from the other device.

Replication Secret

A replication secret is a text string used to authenticate communications between a Primary RADIUS Server and a Replica RADIUS Server. You do not need to configure the replication secret for a realm: the Primary RADIUS Server generates it automatically, and each Replica RADIUS Server in a realm receives the replication secret as part of its configuration package.

Node Secret

A node secret is a pseudorandom string known only to the RSA RADIUS Server and RSA Authentication Manager. Before the RSA RADIUS Server sends an authentication request to the RSA Authentication Manager, it encrypts the data using a symmetric node secret key.

RSA RADIUS Server 6.1 Administrator’s Guide

About RSA RADIUS Server
